In this video, we explore AI package Hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. In this video, we explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of Typo Squatting.

Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.

Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.

In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage and while using methods like storing them as environment variables in a.env file can be suitable, a more secure method particularly in a team is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days)

Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!

In this video we provide a breakdown of the nation-state attack on Microsoft by Russian backed hacking group Midnight Blizzard ( also known as NOBELIUM) that happened between November 2023 and March 2024.

If you are using Jira Cloud for issue-tracking and project management, we have some great news! GitGuardian can now help you find and remediate any plaintext secrets found inside your Jira Cloud instance, You can now rely on GitGuardian's real-time secrets detection to find credentials - shared in Jira ticket descriptions, comments, or even titles. Integrating Jira Cloud with GitGuardian is simple, but does requires a Business or Enterprise plan.

Explore the industry-first solution designed to empower security and development teams in securing secrets across multi-cloud, DevOps, and containerized environments. Discover innovative use cases, from detecting public GitHub leaks to enforcing secret management policies. Don't miss this opportunity to delve into the future of secrets security with our very own Mackenzie Jackson from GitGuardian and special guests Evan Litwak and David Hisel from CyberArk. Save your spot now for an engaging conversation redefining your approach to secret protection in software development.

With GitGuardian Honeytoken Deployment Jobs, you can quickly add honeytokens to any private repo with just a few clicks. In this new automated process, GitGuardian will check the type of code in the repo and, based on the context, generate a new file populated with a unique honeytoken. It will then create a new merge request ready for your team's review so you can add in a honeytoken with very little effort.

Secrets like API keys, Certificates, and credential pairs are used throughout modern software development. However, these pose a significant risk as attackers are always after them to gain unauthorized access to our system. This video explains in 60 seconds why hardcoding secrets or insecurely storing them is a security issue. The video also addresses some tools to use to manage your secrets or to scan your sourcecode for secrets,